mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-25 07:07:52 +01:00
Code Issues Projects Releases Wiki Activity
29996 commits 53 branches 632 tags 102 MiB
Commit graph

29996 commits

This branch
This branch
All branches
Author SHA1 Message Date
Roger Dingledine
776c1a5d1a make ipv6-only config complaint clearer 
(a relay operator hit this on #tor-relays and couldn't make sense
of it. i couldn't either until i went to go read the code.)
 2018-09-08 17:08:22 -04:00
Nick Mathewson
9f0e8d8c03 Merge branch 'maint-0.3.4' 2018-09-07 15:14:03 -04:00
Nick Mathewson
0d5aaef465 Merge branch 'maint-0.3.3' into maint-0.3.4 
"ours" to avoid bump.
 2018-09-07 15:12:27 -04:00
Nick Mathewson
cff7cb858b Merge branch 'maint-0.3.2' into maint-0.3.3 
"ours" to avoid bump
 2018-09-07 15:12:09 -04:00
Nick Mathewson
36885f34f6 Merge branch 'maint-0.2.9' into maint-0.3.2 
"ours" to avoid bump
 2018-09-07 15:11:49 -04:00
Nick Mathewson
43e400f340 Bump to 0.3.3.10 2018-09-07 15:11:18 -04:00
Nick Mathewson
cdaf9aec8e Bump to 0.3.2.12 2018-09-07 15:11:07 -04:00
Nick Mathewson
da29074fc4 Bump to 0.2.9.17 2018-09-07 15:10:49 -04:00
Nick Mathewson
9ca1af9a87 Merge remote-tracking branch 'dgoulet/ticket20700_035_03' 2018-09-07 15:03:32 -04:00
George Kadianakis
3695ef6343 HSv3: Don't assert when reading bad client-side privkeys. 2018-09-07 14:05:07 -04:00
George Kadianakis
6583d1e709 HSv3: Add subcredential in client auth KDF on the client-side. 2018-09-07 14:05:07 -04:00
George Kadianakis
1e9428dc61 HSv3: Add subcredential in client auth KDF on the service-side. 
Also update some client auth test vectors that broke...
 2018-09-07 14:05:07 -04:00
David Goulet
c76d00abfa hs-v3: Make hs_desc_build_fake_authorized_client() return an object 
Return a newly allocated fake client authorization object instead of taking
the object as a parameter.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5e1d36c7db bug: Use PATH_SEPARATOR instead of slash 
In function get_fname_suffix, previously it uses /, but in fact it
should use PATH_SEPARATOR.
 2018-09-07 14:03:55 -04:00
David Goulet
8e57986e7d hs-v3: Improve v3 client authorization logging 
Part of #20700.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
5b2871d2f2 hs-v3: Log client auth load activities client side 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
7ace28c952 hs-v3: Log client auth load activities service side 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:55 -04:00
Suphanat Chunhapanya
83c8419e73 hs-v3: Rename client_pk to client_auth_pk 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:08 -04:00
Suphanat Chunhapanya
9f975e9995 hs-v3: Rename client_sk to client_auth_sk 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:03:07 -04:00
Suphanat Chunhapanya
b61403c787 test: HS v3 client auth is config equal function 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
8f64931d67 hs-v3: Republish descriptors if client auth changes 
When reloading tor, check if our the configured client authorization have
changed from what we previously had. If so, republish the updated descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
3b08b23997 hs-v3: Make all descriptor content free functions public 
Series of functions that we now need in hs_service.c.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
53dd1699ba hs-v3: Re-enable the decoding in the encoding function 
Previously, the validation by decoding a created descriptor was disabled
because the interface had to be entirely changed and not implemented at the
time.

This commit re-enabled it because it is now implemented.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
69fb25b0f6 test: HS v3 descriptor decoding with client authorization 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:43 -04:00
Suphanat Chunhapanya
7acb720027 hs-v3: Decrypt the descriptor with client private key 
Parse the client authorization section from the descriptor, use the client
private key to decrypt the auth clients, and then use the descriptor cookie to
decrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 14:02:39 -04:00
Suphanat Chunhapanya
63576b0166 hs-v3: Refactor the descriptor decryption/decoding 
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
462d4097ce hs-v3: Refactor secret data building logic 
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
9c36219236 test: HS v3 client authorization loading secret key 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
8e81fcd51a hs-v3: Load client authorization secret key from file 
The new ClientOnionAuthDir option is introduced which is where tor looks to
find the HS v3 client authorization files containing the client private key
material.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fd6bec923c test: HS v3 descriptor encoding with client authorization 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
fa50aee366 hs-v3: Encrypt the descriptor using a cookie 
Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
10f4c46e50 test: Build an HSv3 descriptor with authorized client 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
0dab4ac2dd test: HS v3 building a descriptor with client auth 
This commit tests that the descriptor building result, when the client
authorization is enabled, includes everything that is needed.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
08bbcffc0e hs-v3: Generate all descriptor related keys 
We need to generate all the related keys when building the descriptor, so that
we can encrypt the descriptor.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
15af47ede0 test: HS v3 loading client auth keys service side 
Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:22 -04:00
Suphanat Chunhapanya
b894b40e64 hs-v3: Load all client auth keys to the service 
This commit loads all client public keys from every file in
`authorized_clients/` directory.

Signed-off-by: David Goulet <dgoulet@torproject.org>
 2018-09-07 13:59:07 -04:00
Nick Mathewson
13d0855a89 Merge remote-tracking branch 'teor/bug27521' 2018-09-07 10:29:45 -04:00
Nick Mathewson
b9103c38c3 Merge branch 'maint-0.3.4' 
"ours" to avoid version bump
 2018-09-07 09:49:41 -04:00
Nick Mathewson
fa38bbb700 Bump to 0.3.4.8 2018-09-07 09:49:29 -04:00
Nick Mathewson
859d744eb8 in master, remove changes files for already-merged changes 2018-09-07 09:39:54 -04:00
Nick Mathewson
c50a053a95 Copy updated 0.3.4.6-rc changelog to master 
Forward-ports fix for 27488.
 2018-09-07 09:32:31 -04:00
Nick Mathewson
732ea9120c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-09-07 09:15:56 -04:00
Nick Mathewson
8849b2ca3c Merge branch 'maint-0.3.3' into maint-0.3.4 2018-09-07 09:15:56 -04:00
Nick Mathewson
ee6d8bcf71 Merge branch 'maint-0.3.4' 2018-09-07 09:15:56 -04:00
Nick Mathewson
0366ae224c Merge branch 'maint-0.2.9' into maint-0.3.2 2018-09-07 09:15:52 -04:00
Nick Mathewson
1e46a391b3 Merge branch 'ticket27344_029' into maint-0.2.9 2018-09-07 09:15:15 -04:00
Nick Mathewson
2ec88a2a6d Tell openssl to build its TLS contexts with security level 1 
Fixes bug 27344, where we'd break compatibility with old tors by
rejecting RSA1024 and DH1024.
 2018-09-07 09:15:06 -04:00
Nick Mathewson
291876be36 Merge branch 'maint-0.3.4' 2018-09-07 08:48:23 -04:00
Nick Mathewson
967cef2f8f Merge remote-tracking branch 'teor/bug27460-034' into maint-0.3.4 2018-09-07 08:48:19 -04:00
Nick Mathewson
579770b706 Merge branch 'maint-0.3.4' 2018-09-07 08:46:46 -04:00